mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
seccomp: improve error reporting
Only report OOM if that was actually the error of the operation, explicitly report the possible error that a syscall was already blocked with a different errno and translate that into a more sensible errno (EEXIST only makes sense in connection to the hashmap), and pass through all other potential errors unmodified. Part of #9939.
This commit is contained in:
parent
8f8112f916
commit
851ee70a3d
@ -1057,7 +1057,17 @@ int seccomp_parse_syscall_filter_full(
|
||||
if (!(flags & SECCOMP_PARSE_INVERT) == !!(flags & SECCOMP_PARSE_WHITELIST)) {
|
||||
r = hashmap_put(filter, INT_TO_PTR(id + 1), INT_TO_PTR(errno_num));
|
||||
if (r < 0)
|
||||
return flags & SECCOMP_PARSE_LOG ? log_oom() : -ENOMEM;
|
||||
switch (r) {
|
||||
case -ENOMEM:
|
||||
return flags & SECCOMP_PARSE_LOG ? log_oom() : -ENOMEM;
|
||||
case -EEXIST:
|
||||
if (flags & SECCOMP_PARSE_LOG)
|
||||
log_warning("System call %s already blocked with different errno: %d",
|
||||
name, PTR_TO_INT(hashmap_get(filter, INT_TO_PTR(id + 1))));
|
||||
return -EINVAL;
|
||||
default:
|
||||
return r;
|
||||
}
|
||||
} else
|
||||
(void) hashmap_remove(filter, INT_TO_PTR(id + 1));
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user